gipplab / MathMLben

A quality benchmark for MathML
https://mathmlben.wmflabs.org/
4 stars 2 forks source link

[Snyk] Security upgrade npm-check-updates from 2.15.0 to 3.0.0 #107

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HOSTEDGITINFO-1088355
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: npm-check-updates The new version differs by 64 commits.
  • 4dc843f 3.0.0
  • 1121fbc README
  • 3a91c87 Upgrade packages
  • c301680 Match E404 error messages.
  • 564a277 Add tests for detecting -alpha, -beta, -rc. Closes #368.
  • d319202 Replace --prod/dev/etc with --dep. -m = --minimal. -p = --packageManager.
  • 07ec417 README
  • 6133184 Fix spacing in ncu -g output (minor).
  • 74bc003 Add linting and vulnerability testing to "npm test".
  • 6804d56 Upgrade non-major dependencies.
  • 54bca4d Make -u output clearer.
  • bc056c6 Upgrade dependency: eslint
  • 3a03e87 Lint
  • f8a7bcc Upgrade dependency: mocha
  • 4396ede Upgrade dependency: should
  • 3bb2daf Upgrade dependency: tmp
  • 6a7ae3b Upgrade dependency: get-stdin
  • 2c7f8d2 Merge unit tests from #382
  • c4658e6 Upgrade dependency: chalk
  • 802af36 Default arguments (minor)
  • 8b261f5 Remove npm and npmi from dependencies. Use requireg instead of npmi in bower.
  • 2ea7cb0 Upgrade dependency: find-up
  • d7fee5c Minor update of tabs to spaces and a few lingering vars.
  • a1444b7 Skip test. TODO: filter org deps by regex.
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic